This Policy for the Processing of Users' Personal Data (hereinafter referred to as the Policy) applies to all information, including the User's personal data, which LLC "UCS COMPANY" (hereinafter referred to as the Operator) may receive during the use of the Software owned by the Operator.

1. Terms and definitions

Operator means the limited liability company "UCS COMPANY", PSRN 5077746794186, registered address: 125315, Moscow, Leningradsky Prospekt, Bldg. 70, organizing and (or) carrying out the processing of Personal Data independently or jointly with Partners, as well as determining the purposes of processing Personal Data, the composition of Personal Data subject to processing, actions (operations) performed with Personal Data.

Personal data means any information relating directly or indirectly to an identified or identifiable natural person (subject of personal data).

User is a natural person (subject of personal data) who uses the functionality of the Software in any way.

The law refers to the Federal Law of July 27, 2006 No. 152-FL "On Personal Data."

Software is any software (computer programs, mobile applications, etc.) released under the trademark/name r_keeper, SmartReserve, SberTips (СберТипс), SberFood (СберФуд), as well as any other computer programs, computer services and Internet resources, the copyright holder of which is the Operator and under the control of the Operator.

Processing of Personal Data means any action (operation) or set of actions (operations) performed with or without the use of automation tools with Personal Data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data.

Partner is a legal entity or individual entrepreneur that, together with the Operator, provides services to the User within the scope of the functional capabilities of the Software.

The Sberbank PJSC Group is Sberbank of Russia PJSC and legal entities that are subsidiaries and dependent companies (SDC) of Sberbank PJSC. The list of Sberbank PJSC SDC is provided on the official website of Sberbank PJSC www.sberbank.ru 

Delivery Club is Delivery Club LLC (PSRN 1097746360568, TIN 7705891253, address: 125167, Moscow, Leningradsky Prospekt, Building 39, Unit 80, Floor 7, Rooms 1-6,8,9)

2. General Provisions

  1. This Policy defines the rules and principles for processing Personal Data and also contains information about the measures implemented by the Operator to protect Personal Data.
  2. The Operator does not control and is not responsible for third-party information posted on websites to which the User may follow links available in the Software. Such websites and resources may collect or request other Personal Data from the User.
  3. This Policy is published by the Operator in compliance with the current legislation of the Russian Federation, including Article 18.1 of the Law, and is subject to revision and updating at least once every 3 (three) years or when legislation changes. The information security department employee ensures that the Policy is kept up to date.

3. Personal data of the User collected and processed by the Operator

  1. The Operator collects and processes the following Personal Data of Users:
    • location data;
    • first name, last name, patronymic;
    • IP address;
    • e-mail;
    • date of birth;
    • position;
    • place of work;
    • phone number;
    • type of smartphone and its operating system;
    • city of location;
    • type of device and type of operating system;
    • cookie data.

4. Purpose of processing Personal data

  1. The Operator processes only those Personal Data that are necessary for the use of the Software or the execution of contracts (user agreements) with the User.
  2. The processing of Personal data is carried out for the following purposes:
    • creation of accounts, provision of access to accounts in the Software;
    • communication with the User to send notifications, requests and information related to the operation of the Software, the execution of agreements with the User, his requests and applications;
    • analysis and research for the purpose of improving the functioning of the Software, including its quality, convenience, as well as the development of new services within the Software;
    • personalization of advertising offers taking into account the information available about the User based on the received metric data (for example, Yandex.Metrica, Google Analytics, etc.);
    • making payments for goods and services on the Operator’s Internet resources;
    • provision of services to the User by the Operator’s Partners;
    • processing of the User's requests for table reservations in restaurants, made through the Software.

5. Terms of Processing Personal Data and Transferring It to Third Parties

  1. The processing of Users' Personal Data is carried out for the period necessary to achieve the goals defined by this Policy, in any legal way, including in Personal Data information systems with or without the use of automation tools.
  2. The processing of Users' Personal Data is permitted only with the consent of the personal data subject in the manner and to the extent provided for by the Law and determined by the purposes of the Personal Data Processing.
  3. The Operator has the right to provide the User's Personal Data, including entrusting the Processing of Personal Data, on the basis of agreements concluded with them to the following third parties:
    • Partners, as well as other contractors, service providers and other third parties who are engaged by the Operator to provide a range of works, services and (or) other actions for the purpose of functioning, improving and implementing other actions in relation to the Software.
    • Partners implementing the sale of copies of the Software on the basis of a license agreement concluded with the Operator
    • Delivery Club
    • Mail.ru
    • Sberbank PJSC Group

Information on the implemented requirements for the protection of personal data

  1. The security of Personal Data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary and sufficient to ensure the requirements of federal legislation in the field of personal data protection, the identification and prevention of incidents related to unauthorized access to personal data and unauthorized actions with them.
  2. In order to purposefully create unfavourable conditions and insurmountable obstacles for violators attempting to gain unauthorised access to personal data for the purpose of obtaining, modifying, blocking, destroying, infecting with malicious software code and committing other unauthorised actions, the Operator applies the following organisational and technical measures:
    • appointment of officials responsible for organizing the processing and ensuring the security of personal data;
    • limiting the number of employees who process personal data and have access to personal data when performing their work duties, regulating the procedure for providing such access;
    • familiarization of employees with the requirements of legislation and internal regulatory documents of the Operator on the processing and protection of personal data;
    • ensuring the accounting and storage of tangible media of personal data and establishing the procedure for handling them, aimed at preventing their theft, substitution, unauthorized copying and destruction;
    • identifying security threats to personal data during their processing, forming private threat models on their basis and constantly maintaining their relevance;
    • development of a personal data protection system based on a threat model for an appropriate level of personal data protection;
    • regular testing of the readiness and effectiveness of the information security tools used;
    • implementation of an access control system for user access to information resources, software and hardware for processing and protecting information;
    • password protection of user access to the personal data information system;
    • registration and accounting of actions of users of personal data information systems;
    • application of access control tools to communication ports, input/output devices, removable storage media and external storage devices;
    • Use of cryptographic information protection means when necessary to ensure the security of personal data during transmission over open communication channels and storage on machine-readable information carriers;
    • implementation of anti-virus control, prevention of introduction of malicious programs and software backdoors into the corporate network;
    • firewall application;
    • detection of intrusions into the Operator's corporate network that violate or create preconditions for violating established requirements for ensuring the security of personal data;
    • analysis of the security of the Operator's personal data information systems using specialized software (security scanners);
    • centralized management of the personal data protection system;
    • backup of information;
    • ensuring the restoration of personal data modified or destroyed due to unauthorized access to them;
    • training of employees using information protection tools applied in personal data information systems, rules of operation with them;
    • accounting of the applied means of information protection, operational and technical documentation for them, machine storage media of personal data;
    • use of information security tools that have undergone the established procedure for assessing compliance with security requirements;
    • systematic monitoring of user actions, conducting investigations into violations of personal data security requirements;
    • placement of technical means for processing personal data within the protected area;
    • organization of access control to the Operator's territory, security of premises and technical means of processing personal data;
    • maintaining technical security equipment, alarm systems of premises in a state of constant readiness, video surveillance.

6. Final Provisions

  1. Other rights and obligations of the Operator related to the processing of personal data are determined by the Law.
  2. The Operator's officials guilty of violating the rules governing the processing and protection of personal data shall bear material, disciplinary, administrative, civil and criminal liability in accordance with the procedure established by law and the Operator's internal regulatory documents.

  3. A corresponding request within the framework of implementing the User's rights regarding their Personal Data or leaving comments and suggestions concerning the terms of this Policy can be made via sending an email to rkeeper@rkeeper.ru..

  4. Link to mobile app r_keeper Courier App: https://play.google.com/store/apps/details?id=ru.rkeeper.courierapp&hl=ru&gl=US